Cisco Systems is gearing up to extend its cybersecurity reach all the way out to the endpoint, in the wake of plopping down $2.35 billion to acquire Duo Security, a provider of identity management software delivered as cloud service. The deal, which is based on cash and assumed equity awards, is expected to close later this year.
David Goeckeler, executive vice president and general manager for the networking and security business unit of Cisco, during a conference call revealed Cisco’s plans to converge networking, security and identity management in a zero-trust secure internet gateway offering. Duo Security is a core part of that strategy because for the first time it extends the reach of Cisco beyond the network perimeter, Goeckeler said.
In fact, Duo Security CEO Dug Song noted that the company’s agentless identity management service already includes the ability to determine the cybersecurity posture of endpoint devices connected to the service. Cisco already makes available its Identify Services Engine (ISE) that embeds access management technologies into the network itself along with a cloud-access security broker (CASB) software. The combination of Duo Security and ISE has the potential to substantially reduce the number of compromised credentials that cybercriminals are able to employ to bypass cybersecurity defenses.
Long term, Cisco plans to combine the cybersecurity capabilities gained by acquiring Duo with the software-defined wide area network (SD-WAN) technology it gained by via its acquisition of Viptela last year to create a robust secure internet gateway, Goeckeler said, noting that gateway will extend the reach and scope of the Umbrella gateway service that Cisco already offers.
Acquiring Duo Security will enable Cisco to create innovative approaches to ensure cybersecurity to defeat cybersecurity attacks that are increasingly sophisticated, he added.
The goal is to create a cloud-native approach to managing cybersecurity driven by application programming interfaces (APIs) that is a natural extension of the Cisco intent-based networking strategy, which is based on providing a policy-centric approach to networking that enables organizations to declaratively enforce network and security rules.
Cisco was apparently willing to pay a premium for Duo Security to advance a previously announced effort to rely more on software to drive recurring revenue generated via subscriptions to software services that span multiple cloud computing and on-premises IT environments.
It’s unclear to what degree the acquisition of Duo Security will drive a wave of acquisitions across the cybersecurity landscape. Cisco is clearly making a case of the convergence of security and networking management that is likely to be followed suit by many of rivals. The result may soon be that many cybersecurity technologies that are offered today as standalone products may become features of a larger platform. In theory, that should reduce the total cost of cybersecurity in the enterprise as IT organizations begin to reduce the number of vendors they need to rely on to secure their IT environments.
On the downside, however, is that as markets consolidate there’s usually a marked reduction in innovation that in the cybersecurity space that one day could prove to be a fatal flaw.